0

Should I "allow" or "Deny" Zone Alarm to access the internet for svchost.exe, lasass.exe, csrss.exe, and there are two or so more.


Also Internet Explorer seems to be fairly buggy, and my computer seems to lag a bit.

My specs are 3.0Ghz Pentium 4, 512MB or RAM, and I'm running Windows XP Home Edition.

2
Contributors
14
Replies
15
Views
12 Years
Discussion Span
Last Post by swatkat
0

Basically I need to know if I should have Zone Alarm remember these execs :?: So far I've been denying them and I have viruses that AVG keeps finding.

I just reinstalled Windows if that matters, thanks in advance.

0

Does anyone here know anything about this? I have viruses AVG keeps finding, and as I delete them they keep reappearing.

0

Hi,
Yes, you can let the svchost.exe and csrss.exe, but make sure that file is located in Windows\System32 folder. And, for lasass.exe, is this the exact filename? or is it lsass.exe?

But it's a better to scan for any viruses/malwares that may be present. Please download Sysclean Pacakge, create a folder named Sysclean on Desktop, and put the downloaded file to that folder.
Next download the pattern file for Windows OS (pattern file will have a name like lpt731.zip ) and extract the contents of the ZIP file to the same Sysclean folder.

Boot in SAFE Mode.

Next, double-click on the sysclean.com file, and after few seconds, the Sysclean window appears. Here make sure that Automatically clean or delete infected files option is selected. Then click "Scan". After the scan is complete it gives a log, save the log file.


Reboot to normal mode, and post the Sysclean log file.

0

K thanks.


It's lsass.exe, and how do I make sure it is in the correct directory? This particular executable came up as a virus below apparently, either that or it found a virus, I'm really not sure but the log is all here for you.


First I'll post the TSCDebug info...

TSCDebug:

Debug Information Level=0
BackupRegKey[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv]
BackupRegKey[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv\Security]
BackupRegKey[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv\Enum]
BackupFile[C:\WINDOWS\System32\rdriv.sys]

This is the log of the entire scan.

sysclean:


/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/

2005-07-20, 13:37:37, Auto-clean mode specified.
2005-07-20, 13:37:37, Running scanner "C:\Documents and Settings\Owner\Desktop\Sysclean\TSC.BIN"...
2005-07-20, 13:40:57, Scanner "C:\Documents and Settings\Owner\Desktop\Sysclean\TSC.BIN" has finished running.
2005-07-20, 13:40:57, TSC Log:
Damage Cleanup Engine (DCE) 3.9(Build 1020)
Windows XP(Build 2600: )
Start time : Wed Jul 20 2005 13:37:37
Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Owner\Desktop\Sysclean\tsc.ptn" (version 629) [success]
TROJ_ROOTKIT.E[virus found]
-->delete registry key("HKEY_LOCAL_MACHINE","SYSTEM\CurrentControlSet\Services\rdriv","") success
-->reboot delete file("C:\WINDOWS\System32\rdriv.sys","","") success
Complete time : Wed Jul 20 2005 13:40:23
Execute pattern count(4118), Virus found count(1), Virus clean count(1), Clean failed count(0)
2005-07-20, 13:41:09, An error occurred while scanning file "C:\Documents and Settings\Owner\NTUSER.DAT": Access is denied.
2005-07-20, 13:41:09, An error occurred while scanning file "C:\Documents and Settings\Owner\ntuser.dat.LOG": Access is denied.
2005-07-20, 13:41:21, An error occurred while scanning file "C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-07-20, 13:41:21, An error occurred while scanning file "C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-07-20, 13:44:22, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\AD-AWARE.EXE-2ED3360E.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGCC.EXE-36A38F59.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGEMC.EXE-361B4758.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGINET.EXE-3038B75E.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\CSRSS.EXE-39B8819D.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\CTDVDDET.EXE-002C6B82.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\CTHELPER.EXE-11B416D5.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\CTSYSVOL.EXE-1D56C447.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\EDOWST3.EXE-196293B7.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\EM_EXEC.EXE-21B4F4A4.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\EXUL1.EXE-0DA91456.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\FTP.EXE-0FFFB5A3.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\GTBXP.EXE-38A369C2.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\IKERNEL.EXE-078AA887.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\Layout.ini": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGI_MWX.EXE-1B741F45.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\MSCONFIG.EXE-35E4DAE9.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-3603C23A.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-42C4EDF2.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\SETUP.EXE-237576F2.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\SETUP_WM.EXE-20455A8E.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\SPYWAREBLASTER.EXE-20CF1E62.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\SVCHOST.EXE-16C7D411.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\SXE7.TMP-04BA793D.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\UNREGMP2.EXE-075872D2.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\UPDATE.EXE-00637380.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\UPDATE.EXE-023F84BE.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\UPDATE.EXE-0588D661.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\UPDATE.EXE-21EE8B6F.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\UPDATE.EXE-23144010.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\UPDATE.EXE-276FE956.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\UPDATE.EXE-3624F1B6.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\VSSTATMN8.EXE-390D657D.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\VZNETSVC.EXE-1403945D.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\WINZIP32.EXE-382A5A28.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\WINZIP90.EXE-1C9DE248.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\WZQKPICK.EXE-303401C3.pf": Access is denied.
2005-07-20, 13:48:10, Could not set file for reading on "C:\WINDOWS\Prefetch\ZLCLIENT.EXE-1C550EB2.pf": Access is denied.
2005-07-20, 13:51:18, An error occurred while scanning file "C:\WINDOWS\system32\config\default": Access is denied.
2005-07-20, 13:51:18, An error occurred while scanning file "C:\WINDOWS\system32\config\default.LOG": Access is denied.
2005-07-20, 13:51:18, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM": Access is denied.
2005-07-20, 13:51:18, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM.LOG": Access is denied.
2005-07-20, 13:51:18, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY": Access is denied.
2005-07-20, 13:51:18, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY.LOG": Access is denied.
2005-07-20, 13:51:18, An error occurred while scanning file "C:\WINDOWS\system32\config\software": Access is denied.
2005-07-20, 13:51:18, An error occurred while scanning file "C:\WINDOWS\system32\config\software.LOG": Access is denied.
2005-07-20, 13:51:21, An error occurred while scanning file "C:\WINDOWS\system32\config\system": Access is denied.
2005-07-20, 13:51:21, An error occurred while scanning file "C:\WINDOWS\system32\config\system.LOG": Access is denied.
2005-07-20, 13:53:56, Running scanner "C:\Documents and Settings\Owner\Desktop\Sysclean\VSCANTM.BIN"...
2005-07-20, 14:03:03, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 7/20/2005 13:53:56
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 737 (104825 Patterns) (2005/07/19) (273700)
Command Line: C:\Documents and Settings\Owner\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Owner\Desktop\Sysclean
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\LHSRUCOF\wv[1].ani [TROJ_ANICMOO.K]
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SX88VHBC\ws[1].exe [WORM_SDBOT.BBP]
C:\WINDOWS\lsass.exe [WORM_SDBOT.BMB]
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\XRML32TS\mtrslib2[1].js [JS_DOWNLOAD.D]
C:\WINDOWS\system32\rdriv.sys [TROJ_ROOTKIT.E]
C:\WINDOWS\system32\VSStatmn8.exe [WORM_RBOT.GEN]
14124 files have been read.
14124 files have been checked.
12104 files have been scanned.
17572 files have been scanned. (including files in archived)
6 files containing viruses.
Found 6 viruses totally.
Maybe 0 viruses totally.
Stop At : 7/20/2005 14:03:03
---------*---------*---------*---------*---------*---------*---------*---------*
2005-07-20, 14:03:03, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 7/20/2005 13:53:56
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 737 (104825 Patterns) (2005/07/19) (273700)
Command Line: C:\Documents and Settings\Owner\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Owner\Desktop\Sysclean
Success Clean [ TROJ_ANICMOO.K]( 1) from C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\LHSRUCOF\wv[1].ani
Success Clean [ WORM_SDBOT.BBP]( 1) from C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SX88VHBC\ws[1].exe
Success Clean [ WORM_SDBOT.BMB]( 1) from C:\WINDOWS\lsass.exe
Success Clean [ JS_DOWNLOAD.D]( 1) from C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\XRML32TS\mtrslib2[1].js
Success Clean [ TROJ_ROOTKIT.E]( 1) from C:\WINDOWS\system32\rdriv.sys
Success Clean [ WORM_RBOT.GEN]( 1) from C:\WINDOWS\system32\VSStatmn8.exe
14124 files have been read.
14124 files have been checked.
12104 files have been scanned.
17572 files have been scanned. (including files in archived)
6 files containing viruses.
Found 6 viruses totally.
Maybe 0 viruses totally.
Stop At : 7/20/2005 14:03:03 9 minutes 2 seconds (541.91 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2005-07-20, 14:03:03, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 7/20/2005 13:53:56
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 737 (104825 Patterns) (2005/07/19) (273700)
Command Line: C:\Documents and Settings\Owner\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Owner\Desktop\Sysclean
14124 files have been read.
14124 files have been checked.
12104 files have been scanned.
17572 files have been scanned. (including files in archived)
6 files containing viruses.
Found 6 viruses totally.
Maybe 0 viruses totally.
Stop At : 7/20/2005 14:03:03 9 minutes 2 seconds (541.91 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2005-07-20, 14:03:03, Scanner "C:\Documents and Settings\Owner\Desktop\Sysclean\VSCANTM.BIN" has finished running.


That's it, I'll be looking forward to your response, thanks.

0

Hi,

C:\WINDOWS\lsass.exe [WORM_SDBOT.BMB]
Success Clean [ WORM_SDBOT.BMB]( 1) from C:\WINDOWS\lsass.exe

Yes, in your case, it was a virus. The genuine lsass will be located in C:\windows\System32 folder.


Download CleanUp! and install it.Run CleanUp!, click "Options" button, move the "Quick Setup" slider to "Thorough CleanUp!" and click "Yes" for the warning message and exit from Options.
Click "CleanUp!" to start cleaning. After cleaning, click "Close", and choose "No" to avoid the restart.


Download Ewido and install it. Then run, you will receive a warning message saying "Database not found", click "OK" for this. Next in the main screen, click "Update" and click "Start Update". After the update process, exit from Ewido.

Run Ewido, click on the "Scanner" button in the left menu, then click on the "Start" button.
If ewido finds anything, it will pop up a notification. You can select "Clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK. When the scan finishes, click on "Save Report". This will create a text file.

After this, restart the PC, scan with your AVG AntiVirus, and post back whether it detects any viruses or not.
Also, post whether ZoneAlarm is asking for permission to allow some processes to connect to Internet, along with this please post the Ewido log file.

0

K, thanks. I did all of the above, when I ran AVG (full system scan) no viruses were found.

One more thing please. When I run Spybot it finds a virus that needs to be deleted at system reboot, but even when Spybot starts at reboot it can't delete the virus.

Also, is there any way to have ewido not remove my "favorites?"

Edit:

One more thing please.

When I ran Ad-Aware SE, after all of the above, this message appeared.

http://img.photobucket.com/albums/v160/Xaminor/new/untitled.jpg

^^^^

0

One more thing please. When I run Spybot it finds a virus that needs to be deleted at system reboot, but even when Spybot starts at reboot it can't delete the virus.

Can you post the name of the spyware it is detecting?

Also, is there any way to have ewido not remove my "favorites?"

There is no direct method to stops Ewido from scanning in the "Favorites". You have to choose the option "None" when it pops up the warning message when it finds anything inside the "Favorites" folder. Also, make sure that you uncheck the option "Perform action with all the infection".

When I ran Ad-Aware SE, after all of the above, this message appeared.

http://img.photobucket.com/albums/v160/Xaminor/new/untitled.jpg

^^^^

The detected is present in the XP's System Restore Folder. When XP takes a snaphot of the System for the restore purposes, it copies all the files in the folder named System Volume Information, but these files are suitably renamed. When AdAware scanned that file, which was originally a SDBot Virus file, AVG's background scanner picked it up.
Since these files are renamed, they should not pose any threat now, but when you do the System Restore, these files are restored back to their orignal locations with their original filenames, then you would have problem.

You can all the delete the Restore Points except the latest one by doing this, double-click on the "My Computer" and then right-click on the C:\ Drive icon, and click "Properties". Then click "Disk CleanUp". Here click "More Options" tab, and click "Cleanup.." button in the "System Restore" option box and choose "Yes" to delete older Restore Points.

0

ISearchTech.SideFind is what Spybot finds that can't be removed, even on reboot. Thanks, you're really good at this.

0

Hi,
Please download FxIstbar, removal tool from Symantec. Close all other running programs, and double-click on the FxIstbar file. Then click "Start" to start the scan.

When the scan is finished, reboot the PC, and perform a scan using SpyBot SnD.
Check whether it detects anything or not. If it detects SideFind ( or any other thing ), fix it. Then click Tools button in the left pane. Here click "View Report" button. Here check all items except "Do not report disabled or legitimate items" option, and click "View Report". When the report is diaplayed, click "Export" and save it.
Open the saved report file in NotePad, and post it's contents here.

0

K, thanks, here is the report.

--- Search result list ---
ISearchTech.SideFind: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\ISTbar
EAcceleration: Program group (Directory, fixed)
C:\Documents and Settings\Owner\Start Menu\Programs\filesubmit\
GrokLoader: Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1409082233-484061587-1417001333-1003\Software\Softwrap\Adtracker________


--- Spybot - Search & Destroy version: 1.4  (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-07-18 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-04-26 Includes\Cookies.sbi (*)
2005-07-11 Includes\Dialer.sbi (*)
2005-07-15 Includes\Hijackers.sbi (*)
2005-06-23 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2005-07-15 Includes\Malware.sbi (*)
2005-06-09 Includes\PUPS.sbi (*)
2005-04-27 Includes\Revision.sbi (*)
2005-06-09 Includes\Security.sbi (*)
2005-07-15 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-07-15 Includes\Trojans.sbi (*)


--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Patch Available For XMLHTTP Vulnerability
/ DataAccess: Patch Available For XMLHTTP Vulnerability
/ DataAccess: Security Update for Microsoft Data Access Components
/ Internet Explorer 6 / SP0: Windows XP Hotfix - KB834707
/ Windows Media Player: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player / SP0: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player: Windows Media Update 320920
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885626
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)


--- Startup entries list ---
Located: HK_LM:Run, AVG7_CC
command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
size: 352256
MD5: 6e74941e3e14cb67fb1648b45a041f0d
Located: HK_LM:Run, AVG7_EMC
command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
size: 273920
MD5: 8f0843b553882e9c678b8f83be8a438a
Located: HK_LM:Run, CTDVDDET
command: C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
file: C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
size: 45056
MD5: db20fce248d269e1c396e70a91e587c8
Located: HK_LM:Run, CTHelper
command: CTHELPER.EXE
file: C:\WINDOWS\system32\CTHELPER.EXE
size: 24576
MD5: 15f71a562eb274baae347a7a224e3bf9
Located: HK_LM:Run, CTSysVol
command: C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
file:
Located: HK_LM:Run, Logitech Utility
command: Logi_MwX.Exe
file: C:\WINDOWS\Logi_MwX.Exe
size: 20992
MD5: c921a733fa3f1e4c3505d436dbc5ea47
Located: HK_LM:Run, Mcafee Antivirus Monitoring System8
command: VSStatmn8.exe
file:
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff
Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff
Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1519616
MD5: 7ecd5764e6418cb3baf52381c67fda11
Located: HK_LM:Run, RemoteCenter
command:
file:
Located: HK_LM:Run, SBDrvDet
command: C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
file:
Located: HK_LM:Run, Services
command: C:\WINDOWS\csrss.exe
file:
Located: HK_LM:Run, UpdReg
command: C:\WINDOWS\UpdReg.EXE
file: C:\WINDOWS\UpdReg.EXE
size: 90112
MD5: c419df63e0121d72411285780c2fc6cc
Located: HK_LM:Run, Zone Labs Client
command: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 935688
MD5: bac4e154f30aba45bb99c0bb9196a57e
Located: HK_LM:RunServices, Mcafee Antivirus Monitoring System8
command: VSStatmn8.exe
file:
Located: HK_CU:Run, Creative Detector
command: C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
file:
Located: HK_CU:Run, IncrediMail
command: C:\Program Files\IncrediMail\bin\IncMail.exe /c
file:
Located: HK_CU:Run, LDM
command: \Program\BackWeb-8876480.exe
file:
Located: HK_CU:Run, Mcafee Antivirus Monitoring System8
command: VSStatmn8.exe
file:
Located: HK_CU:Run, MsnMsgr
command: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
file: C:\Program Files\MSN Messenger\MsnMsgr.Exe
size: 6856704
MD5: 79ac63592f9b6750f2026a2520c11bee
Located: HK_CU:Run, RemoteCenter
command: C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
file: C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
size: 139264
MD5: 5940ea63fcffa48f1e52eb2b4c539ba2
Located: HK_CU:Run, RemoteControl
command:
file:
Located: Startup (common), Logitech Desktop Messenger.lnk
command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
size: 169472
MD5: 91291ca1490f952d977618544d540b87
Located: Startup (common), Logitech SetPoint.lnk
command: C:\Program Files\Logitech\SetPoint\KEM.exe
file: C:\Program Files\Logitech\SetPoint\KEM.exe
size: 573440
MD5: 13eca568c95c7dd9c2f77de7ba7355cd
Located: Startup (disabled), WinZip Quick Pick (DISABLED)
command: C:\PROGRA~1\WinZip\WZQKPICK.EXE
file: C:\PROGRA~1\WinZip\WZQKPICK.EXE
size: 118784
MD5: 67b2e7b6ae3b400d832f0456068ea83d
Located: Startup (disabled), BounceBack Launcher (DISABLED)
command: C:\PROGRA~1\CMSPER~1\BOUNCE~1\BBLAUN~1.EXE
file: C:\PROGRA~1\CMSPER~1\BOUNCE~1\BBLAUN~1.EXE
size: 86016
MD5: 93bcd381e978aa7669fc85a71ce91556
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll


--- Browser helper object list ---
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name:       SDHelper.dll
Short name:
Date (created): 7/18/2005 6:21:42 PM
Date (last access): 7/23/2005 12:28:32 AM
Date (last write): 5/31/2005 1:04:00 AM
Filesize:             853672
Attributes:           archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32:           D4589A41
Version:            1.4.0.0
{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name:       GOOGLE~1.DLL
Date (created): 7/20/2005 1:32:50 PM
Date (last access): 7/23/2005 12:31:46 AM
Date (last write): 7/20/2005 1:32:50 PM
Filesize:             720896
Attributes:  readonly archive
MD5: EF84F3C59A075B66CA3E99C654224004
CRC32:           ED2F33CD
Version:         2.0.114.10


--- ActiveX list ---
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla
{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} ()
DPF name:
CLSID name:
Installer:
Codebase: http://static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab
{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121641361620
Path: C:\WINDOWS\System32\
Long name:          wuweb.dll
Short name:
Date (created): 5/26/2005 4:19:32 AM
Date (last access): 7/21/2005 8:12:14 PM
Date (last write): 5/26/2005 4:19:32 AM
Filesize:             173536
Attributes:           archive
MD5: C459F2D5E64C942F3F66E1CD7F1C4C00
CRC32:           EEF66B50
Version:         5.8.0.2469
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class)
DPF name:
CLSID name: MsnMessengerSetupDownloadControl Class
Installer: C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.inf
Codebase: http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnMessengerSetupDownloader.ocx
Short name:       MSNMES~1.OCX
Date (created): 3/17/2005 2:48:34 PM
Date (last access): 7/22/2005 10:25:34 PM
Date (last write): 3/17/2005 2:48:34 PM
Filesize:             113152
Attributes:           archive
MD5: 92D24B6643919005213F60D5B537196A
CRC32:           31684779
Version:            1.0.0.2
{F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail)
DPF name:
CLSID name: IncrediMail
Installer:
Codebase: http://www5.incredimail.com/contents/setup/downloader/imloader.cab


--- Process list ---
PID:    0 (   0) [System]
PID:  440 (   4) \SystemRoot\System32\smss.exe
PID:  496 ( 440) \??\C:\WINDOWS\system32\csrss.exe
PID:  520 ( 440) \??\C:\WINDOWS\system32\winlogon.exe
PID:  564 ( 520) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID:  576 ( 520) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID:  736 ( 564) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID:  792 ( 564) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID:  860 ( 564) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID:  924 ( 564) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1004 ( 564) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1152 ( 564) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: 7435B108B935E42EA92CA94F59C8E717
PID: 1404 (1380) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1500 (1492) C:\Program Files\Logitech\MouseWare\system\em_exec.exe
size: 38912
MD5: 1C03DE52051462CD6D52FB3CE202EDEE
PID: 1508 (1404) C:\WINDOWS\system32\CTHELPER.EXE
size: 24576
MD5: 15F71A562EB274BAAE347A7A224E3BF9
PID: 1516 (1404) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 935688
MD5: BAC4E154F30ABA45BB99C0BB9196A57E
PID: 1524 (1404) C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
size: 352256
MD5: 6E74941E3E14CB67FB1648B45A041F0D
PID: 1532 (1404) C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
size: 273920
MD5: 8F0843B553882E9C678B8F83BE8A438A
PID: 1548 (1404) C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
size: 45056
MD5: DB20FCE248D269E1C396E70A91E587C8
PID: 1600 (1404) C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
size: 139264
MD5: 5940EA63FCFFA48F1E52EB2B4C539BA2
PID: 1608 (1404) C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
size: 98304
MD5: EFEA7470BCF9EFD88C56ED08CFE16031
PID: 1764 ( 564) C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
size: 330240
MD5: 9DBD26D7D7967D918C507B1E2A93A37E
PID: 1792 (1584) C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 1876 ( 564) C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
size: 84480
MD5: 62E6B23B906B213836470740FE449B43
PID: 1928 ( 564) C:\Program Files\ewido\security suite\ewidoctrl.exe
size: 16448
MD5: 867D9D1FA818F8629BB7A4A26E94B06A
PID:  296 ( 564) C:\WINDOWS\System32\nvsvc32.exe
size: 127043
MD5: F6FCA6047879DE7A2964757EB8B2101B
PID:  972 ( 564) C:\WINDOWS\System32\wdfmgr.exe
size: 38912
MD5: AB0A7CA90D9E3D6A193905DC1715DED0
PID: 1060 ( 564) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
size: 1210112
MD5: 049EB3C18DD71B96075DD7DA48043FDF
PID: 1228 ( 564) C:\WINDOWS\System32\MsPMSPSv.exe
size: 53520
MD5: 581176F60885AEF8F78C6E38DCC3CDF9
PID: 2332 ( 564) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 3960 (1404) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4012 (1404) C:\WINDOWS\system32\NOTEPAD.EXE
size: 69120
MD5: 388B8FBC36A8558587AFC90FB23A3B99
PID:    4 (   0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 7/23/2005 1:00:39 AM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Pagehttp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@http://www.google.com/keyword/%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Pagehttp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistanthttp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearchhttp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol  0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
[*]
Protocol  1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
[*]
Protocol  2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
[*]
Protocol  3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol  4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol  5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BCC84C39-4CFB-4C0C-83FE-0631E0046961}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol  6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BCC84C39-4CFB-4C0C-83FE-0631E0046961}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol  7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B2F0FB4A-B1F6-4C73-8760-10FF9C62D9DC}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol  8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B2F0FB4A-B1F6-4C73-8760-10FF9C62D9DC}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol  9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7EAD76E5-DDB9-4D8B-9851-0F765FC03C68}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7EAD76E5-DDB9-4D8B-9851-0F765FC03C68}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4AFE2768-A41A-4E05-AB11-673F694C69D5}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4AFE2768-A41A-4E05-AB11-673F694C69D5}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{29085E40-C1CA-4771-9738-A3FB3E624363}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{29085E40-C1CA-4771-9738-A3FB3E624363}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider  0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider  1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider  2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace


--- Uninstall list ---
Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com
(AddressBook)
Adobe Acrobat 4.0 4.0 (Adobe Acrobat 4.0)
version (major): 4
install location: C:\Program Files\Adobe\Acrobat 4.0
install source: C:\Documents and Settings\Owner\Local Settings\Temp\pft9~tmp\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
publisher: Adobe Systems, Inc.
help link: http://www.adobe.com/prodindex/acrobat/main.html
AsusUpdate  (AsusUpdate)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ASUS\AsusUpdate\Uninst.isu"
(AudioHQ)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9  /remove
AVG Free Edition  (AVG7Uninstall)
uninstall cmd: C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
(Branding)
CleanUp!  (CleanUp!)
uninstall cmd: C:\Program Files\CleanUp!\uninstall.exe
(Connection Manager)
(Creative MediaSource)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9  /remove
(Creative MediaSource AudioSync Plugin)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9  /remove
(Creative MediaSource CD-ROM Burner Plugin)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9  /remove
(Creative MediaSource Detector)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9  /remove
(Creative MediaSource DVD-Audio Player)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9  /remove
(Creative MediaSource Go!)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9  /remove
(Creative MediaSource NOMAD II/MG Plugin)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9  /remove
(Creative MediaSource NOMAD Jukebox 2/3/Zen Plugin)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9  /remove
(Creative MediaSource NOMAD Jukebox Plugin)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9  /remove
(Creative MediaSource NOMAD MuVo Plugin)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9  /remove
(Creative MediaSource Player Skin Pack)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9  /remove
(Creative MediaSource RemoteControl Plugin)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x9  /remove
(Creative MiniDisc Center)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9  /remove
(Creative Restore Defaults)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9  /remove
(Creative WaveStudio)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9  /remove
Desktop Architect  (Desktop Architect)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Desktop Architect\Uninst.isu"
(Diagnostics_Audigy2)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9  /remove
(DirectAnimation)
(DirectDrawEx)
(DTS Console)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72A810B1-EE62-455A-A086-E1C9FEDE7F29}\setup.exe" -l0x9  /remove
(DXM_Runtime)
(EAX)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9  /remove
(EQUALIZER)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9  /remove
ewido security suite  (ewidosecuritysuite)
install location: C:\Program Files\ewido\security suite
uninstall cmd: C:\Program Files\ewido\security suite\Uninstall.exe
publisher: ewido networks
help link: http://www.ewido.net
(Fontcore)
(ICW)
(IE40)
(IE4Data)
(IE5BAKEX)
(IEData)
IncrediMail Xe  (IncrediMail)
uninstall cmd: C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log
Microsoft Data Access Components KB870669  (KB870669)
uninstall cmd: C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=KB870669
Windows XP Hotfix - KB873333 20050114.005213 (KB873333)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873333
Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339
Security Update for Windows XP (KB883939) 1 (KB883939)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=883939
(KB884016)
Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885250
Windows XP Hotfix - KB885626 20040909.122822 (KB885626)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885626$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885626
Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835
Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836
Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185
Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472
Windows XP Hotfix - KB887742 20041103.095002 (KB887742)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887742
Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113
Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302
Security Update for Windows XP (KB890046) 1 (KB890046)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046
Windows XP Hotfix - KB890175 20041201.233338 (KB890175)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890175
Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20050720
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859
Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781
Security Update for Windows XP (KB893066) 2 (KB893066)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893066
Windows XP Hotfix - KB893086 1 (KB893086)
install date: 20050720
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893086
(KB893803)
Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467
Security Update for Windows XP (KB896358) 1 (KB896358)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358
Security Update for Windows XP (KB896422) 1 (KB896422)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896422
Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20050720
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428
Update for Windows XP (KB898461) 1 (KB898461)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461
Security Update for Windows XP (KB901214) 1 (KB901214)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214
Security Update for Windows XP (KB903235) 1 (KB903235)
install date: 20050720
uninstall cmd: "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=903235
(Microsoft NetShow Player 2.0)
mIRC  (mIRC)
uninstall cmd: "C:\Program Files\mIRC\mirc.exe" -uninstall
(MobileOptionPack)
(MPlayer2)
(MSI30-Beta1)
(MSI30-Beta2)
(MSI30-KB884016)
(MSI30-RC1)
(MSI30-RC2)
(MSI30a-KB884016)
(MSI31-Beta)
(MSI31-RC1)
(MsJavaVM)
MSN  (MSNINST)
uninstall cmd: C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
(NetMeeting)
NVIDIA Drivers  (NVIDIA Drivers)
uninstall cmd: C:\WINDOWS\System32\nvudisp.exe UninstallGUI
(OutlookExpress)
(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Queen of the Night Halloween Theme  (Queen of the Night Halloween Theme)
uninstall cmd: C:\PROGRA~1\FILESU~1\QUEENO~1\UNWISE.EXE C:\PROGRA~1\FILESU~1\QUEENO~1\INSTALL.LOG
(SB Audigy 2 Getting Started Demo)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9  /remove
(SchedulingAgent)
SereneScreen Marine Aquarium 2 2.0 (SereneScreen Marine Aquarium 2_is1)
uninstall cmd: "C:\Program Files\SereneScreen\Marine Aquarium 2\unins000.exe"
publisher: Prolific Publishing, Inc.
help link: http://www.SereneScreen.com
(SFBM)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9  /remove
(Sound Blaster Audigy 2 ZS)
(Sound Blaster Audigy 2 ZS Windows Drivers)
uninstall cmd: "C:\Program Files\Creative\SBAudigy2ZS\Program\Ctzapxx.EXE" /W /U /S
(SPEAKER)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9  /remove
(SPKR_CALIBRATOR)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9  /remove
Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
SpywareBlaster v3.4 3.4.0 (SpywareBlaster_is1)
install location: C:\Program Files\SpywareBlaster\
uninstall cmd: "C:\Program Files\SpywareBlaster\unins000.exe"
publisher: Javacool Software LLC
(SURMIXER)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9  /remove
Creative System Information  (SysInfo)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9  /remove
(THX_Console)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3549608-69D3-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9  /remove
Windows Media Format Runtime  (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10  (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 2 20040803.231319 (Windows XP Service Pack)
uninstall cmd: C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=811113
WinRAR archiver  (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe
WinZip  9.0 SR-1 (6224) (WinZip)
version (major): 9
install location: C:\PROGRA~1\WINZIP\
uninstall cmd: "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
publisher: WinZip Computing, Inc.
help link: http://www.winzip.com/xsupport.htm
ZoneAlarm 5.5.094.000 (ZoneAlarm)
uninstall cmd: C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
publisher: Zone Labs, Inc
help link: C:\Program Files\Zone Labs\ZoneAlarm\Help\zaclients.chm
({169F8893-C1C5-4847-972C-EA1E008112AC})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9
({1888DAFD-C634-4BC4-865C-3455E24F6177})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9
Google Toolbar for Internet Explorer  ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
({236FADD8-58FD-11D6-A285-00A0CC51B2FE})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
({25EF00A1-F17B-11D6-88EA-000476CD2443})
Logitech SetPoint 2.11 ({2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3})
version: 34275328
install location: C:\Program Files\Logitech\SetPoint
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9
WebFldrs XP 9.50.5318 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154277062
version (major): 9
version (minor): 50
estimated size: 2508
install date: 20050716
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows
({435E969D-867E-4364-8E74-3DC8A69C5BDB})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
({5210ED6D-52A9-11D6-A285-00A0CC51B2FE})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
Creative MediaSource  ({56F3E1FF-54FE-4384-A153-6CCABA097814})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove
Logitech MouseWare 9.80   ({5809E7CF-4DCF-11D4-9875-00105ACE7734})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
({5933921D-4253-40B6-B4D9-B7D680F1B6EC})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x9
({5CDC05F7-83E4-4611-AD3C-A6EB2100332A})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9
({5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
({67AEFC4C-69E4-11D7-85F4-00E018013273})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
({7201B853-5833-11D6-A285-00A0CC51B2FE})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
({72A810B1-EE62-455A-A086-E1C9FEDE7F29})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72A810B1-EE62-455A-A086-E1C9FEDE7F29}\setup.exe" -l0x9
Balls of Steel DEMO v1.3  ({72EC7801-64FB-42BF-BBF0-143D65FA7B1D})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72EC7801-64FB-42BF-BBF0-143D65FA7B1D}\setup.exe"
({77ACE67A-0D21-4CEF-8A97-ED20A61B978B})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9
({7A900EAB-DA37-4554-AF19-9C337476D05D})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
({869D88A5-BD6C-4E39-8536-D95259EAD7E8})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9
({87499F38-FD69-4A2B-B41A-BAB8DE9B94FE})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9
({881A74B3-3D17-4842-B9AF-0761C6E6C4B5})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9
Logitech Desktop Messenger  ({900B1197-53F5-4F46-A882-2CFFFE2EEDCB})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
({9154ED7C-926E-49CC-B677-0CF3C5267457})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9
BounceBack Express  ({95632566-071E-4A02-92C1-4BD907065736})
uninstall cmd: C:\WINDOWS\BBUninstall.exe /uninst
({9A4D2983-4662-4387-BE3D-4CFC2FA9C100})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
Sound Blaster Audigy 2 ZS  ({9E2514D9-DC24-4634-B348-61F3EF0F1628})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E2514D9-DC24-4634-B348-61F3EF0F1628}\SETUP.EXE" -l0x9
({A1185190-514F-11D6-A285-00A0CC51B2FE})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
DiscWizard 2003  ({A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B}\Setup.exe"
MSN Messenger 7.0 7.0.0816 ({ABEB838C-A1A7-4C5D-B7E1-8B4314600816})
version: 117441328
version (major): 7
estimated size: 11793
install date: 20050722
install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600816}
publisher: Microsoft Corporation
({AC157741-3285-4D6A-B934-9174587A3493})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
({B3549608-69D3-11D7-AB2D-0090271A23A2})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3549608-69D3-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
ViewSonic Monitor Drivers  ({B4FEA924-630D-11D4-B78E-005004566E4D})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
({B5BAAFAE-3561-463D-8E3F-91761A57ADB8})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9
({C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
({DEBD7BF3-5856-11D6-A285-00A0CC51B2FE})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
({EE6699B3-E5AD-4E59-8F2B-207DF630670C})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
The Tomb  ({F181AC0A-9A40-11D6-9A6E-0050BF7EC58C})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F181AC0A-9A40-11D6-9A6E-0050BF7EC58C}\setup.exe"
({FB2292C6-1F0A-11D7-AB2D-0090271A23A2})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
({FD549B7B-3532-4160-80D4-3E3DD39A9AE5})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9
({FD851F7E-F887-405D-9E1C-488811113EF3})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9


--- System Services ---
Service (registry key): Abiosdsk
Start: 4
Type: 1
Error Control: 0
Service (registry key): abp480n5
Start: 4
Type: 1
Error Control: 1
Service (registry key): ACPI
Display name: Microsoft ACPI Driver
Image path: System32\DRIVERS\ACPI.sys
Image size: 187776
Image MD5: A10C7534F7223F4A73A948967D00E69B
Start: 0
Type: 1
Error Control: 1
Service (registry key): ACPIEC
Start: 4
Type: 1
Error Control: 1
Service (registry key): adpu160m
Start: 4
Type: 1
Error Control: 1
Service (registry key): aec
Display name: Microsoft Kernel Acoustic Echo Canceller
Image path: system32\drivers\aec.sys
Image size: 142464
Image MD5: 841F385C6CFAF66B58FBD898722BB4F0
Start: 3
Type: 1
Error Control: 1
Service (registry key): AFD
Display name: AFD Networking Support Environment
Description: AFD Networking Support Environment
Image path: \SystemRoot\System32\drivers\afd.sys
Start: 1
Type: 1
Error Control: 1
Service (registry key): agp440
Display name: Intel AGP Bus Filter
Image path: System32\DRIVERS\agp440.sys
Image size: 42368
Image MD5: 2C428FA0C3E3A01ED93C9B2A27D8D4BB
Start: 0
Type: 1
Error Control: 1
Service (registry key): Aha154x
Start: 4
Type: 1
Error Control: 1
Service (registry key): aic78u2
Start: 4
Type: 1
Error Control: 1
Service (registry key): aic78xx
Start: 4
Type: 1
Error Control: 1
Service (registry key): Alerter
Display name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation
Service (registry key): ALG
Display name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 44544
Image MD5: F1958FBF86D5C004CF19A5951A9514B7
Start: 3
Type: 16
Error Control: 1
Service (registry key): AliIde
Start: 4
Type: 1
Error Control: 1
Service (registry key): amsint
Start: 4
Type: 1
Error Control: 1
Service (registry key): AN983
Display name: ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter
Image path: System32\DRIVERS\AN983.sys
Image size: 36224
Image MD5: 116BFF96077A4A724E0AAB800525CEB5
Start: 3
Type: 1
Error Control: 1
Service (registry key): AppMgmt
Display name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Service (registry key): Arp1394
Display name: 1394 ARP Client Protocol
Description: 1394 ARP Client Protocol
Image path: System32\DRIVERS\arp1394.sys
Image size: 60800
Image MD5: F0D692B0BFFB46E30EB3CEA168BBC49F
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): asc
Start: 4
Type: 1
Error Control: 1
Service (registry key): asc3350p
Start: 4
Type: 1
Error Control: 1
Service (registry key): asc3550
Start: 4
Type: 1
Error Control: 1
Service (registry key): AsyncMac
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: System32\DRIVERS\asyncmac.sys
Image size: 14336
Image MD5: 02000ABF34AF4C218C35D257024807D6
Start: 3
Type: 1
Error Control: 1
Service (registry key): atapi
Display name: Standard IDE/ESDI Hard Disk Controller
Image path: System32\DRIVERS\atapi.sys
Image size: 95360
Image MD5: CDFE4411A69C224BD1D11B2DA92DAC51
Start: 0
Type: 1
Error Control: 1
Service (registry key): Atdisk
Start: 4
Type: 1
Error Control: 0
Service (registry key): Atmarpc
Display name: ATM ARP Client Protocol
Description: ATM ARP Client Protocol
Image path: System32\DRIVERS\atmarpc.sys
Image size: 59904
Image MD5: EC88DA854AB7D7752EC8BE11A741BB7F
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): AudioSrv
Display name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs
Service (registry key): audstub
Display name: Audio Stub Driver
Image path: System32\DRIVERS\audstub.sys
Image size: 3072
Image MD5: D9F724AA26C010A217C97606B160ED68
Start: 3
Type: 1
Error Control: 1
Service (registry key): Avg7Alrt
Display name: AVG7 Alert Manager Server
Object name: LocalSystem
Image path: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Image size: 330240
Image MD5: 9DBD26D7D7967D918C507B1E2A93A37E
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS
Service (registry key): Avg7Core
Display name: AVG7 Kernel
Image path: \SystemRoot\System32\Drivers\avg7core.sys
Start: 1
Type: 1
Error Control: 1
Service (registry key): Avg7RsW
Display name: AVG7 Wrap Driver
Image path: \SystemRoot\System32\Drivers\avg7rsw.sys
Start: 1
Type: 1
Error Control: 1
Service (registry key): Avg7RsXP
Display name: AVG7 Resident Driver XP
Image path: \SystemRoot\System32\Drivers\avg7rsxp.sys
Start: 1
Type: 1
Error Control: 1
Service (registry key): Avg7UpdSvc
Display name: AVG7 Update Service
Object name: LocalSystem
Image path: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Image size: 84480
Image MD5: 62E6B23B906B213836470740FE449B43
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): AvgTdi
Display name: AVG Network Redirector
Image path: \??\C:\WINDOWS\System32\Drivers\avgtdi.sys
Image size: 4704
Image MD5: 065684F105712B71F8FA7A1FD5133252
Start: 2
Type: 1
Error Control: 1
Service (registry key): BattC
Start: 0
Type: 0
Error Control: 0
Service (registry key): Beep
Start: 1
Type: 1
Error Control: 1
Service (registry key): BITS
Display name: Background Intelligent Transfer Service
Description: Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: Rpcss
Service (registry key): Browser
Display name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer
Service (registry key): cbidf2k
Start: 4
Type: 1
Error Control: 1
Service (registry key): cd20xrnt
Start: 4
Type: 1
Error Control: 1
Service (registry key): Cdaudio
Start: 1
Type: 1
Error Control: 0
Service (registry key): Cdfs
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"
Service (registry key): Cdrom
Display name: CD-ROM Driver
Image path: System32\DRIVERS\cdrom.sys
Image size: 49536
Image MD5: AF9C19B3100FE010496B1A27181FBF72
Start: 1
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"
Service (registry key): Changer
Start: 1
Type: 1
Error Control: 0
Service (registry key): cisvc
Display name: Indexing Service
Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
Object name: LocalSystem
Image path: %SystemRoot%\system32\cisvc.exe
Image size: 5632
Image MD5: 3192BD04D032A9C4A85A3278C268A13A
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): ClipSrv
Display name: ClipBook
Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\clipsrv.exe
Image size: 33280
Image MD5: C8DEC22C4137D7A90F8BDF41CA4B82AE
Start: 4
Type: 16
Error Control: 1
Depends On services: NetDDE
Service (registry key): CmdIde
Start: 4
Type: 1
Error Control: 1
Service (registry key): COMSysApp
Display name: COM+ System Application
Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 5120
Image MD5: DD87DB7387B9EB441C5674888A0D840C
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss
Service (registry key): ContentFilter
Start: 0
Type: 0
Error Control: 0
Service (registry key): ContentIndex
Start: 0
Type: 0
Error Control: 0
Service (registry key): Cpqarray
Start: 4
Type: 1
Error Control: 1
Service (registry key): Creative Service for CDROM Access
Display name: Creative Service for CDROM Access
Object name: LocalSystem
Image path: C:\WINDOWS\system32\CTsvcCDA.exe
Start: 2
Type: 16
Error Control: 1
Service (registry key): CryptSvc
Display name: Cryptographic Services
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): ctac32k
Display name: Creative AC3 Software Decoder
Image path: System32\drivers\ctac32k.sys
Image size: 645392
Image MD5: 39E4D8F8E627ECA4A76D9843606BAE0A
Start: 3
Type: 1
Error Control: 1
Service (registry key): ctaud2k
Display name: Creative Audio Driver (WDM)
Image path: system32\drivers\ctaud2k.sys
Image size: 366160
Image MD5: DE80BD73C255F8FECAF271C04A022A2F
Start: 3
Type: 1
Error Control: 1
Service (registry key): ctdvda2k
Display name: Creative DVD-Audio Device Driver
Image path: System32\drivers\ctdvda2k.sys
Image size: 332800
Image MD5: 18779D6877A2F4FF2F23193FEE44B095
Start: 3
Type: 1
Error Control: 1
Service (registry key): ctprxy2k
Display name: Creative Proxy Driver
Image path: System32\drivers\ctprxy2k.sys
Image size: 6096
Image MD5: A07820A06BFDBFFA1D207C7778205A4D
Start: 3
Type: 1
Error Control: 1
Service (registry key): ctsfm2k
Display name: Creative SoundFont Management Device Driver
Image path: System32\drivers\ctsfm2k.sys
Image size: 130288
Image MD5: D29B3EEB5155A06B94F8D75C126A9C0C
Start: 3
Type: 1
Error Control: 1
Service (registry key): dac2w2k
Start: 4
Type: 1
Error Control: 0
Service (registry key): dac960nt
Start: 4
Type: 1
Error Control: 1
Service (registry key): DcomLaunch
Display name: DCOM Server Process Launcher
Description: Provides launch functionality for DCOM services.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost -k DcomLaunch
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Service (registry key): Dhcp
Display name: DHCP Client
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd,NetBT
Service (registry key): Disk
Display name: Disk Driver
Image path: System32\DRIVERS\disk.sys
Image size: 36352
Image MD5: 00CA44E4534865F8A3B64F7C0984BFF0
Start: 0
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"
Service (registry key): dmadmin
Display name: Logical Disk Manager Administrative Service
Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
Object name: LocalSystem
Image path: %SystemRoot%\System32\dmadmin.exe /com
Image size: 224768
Image MD5: 554C7CB178FE3BD12450B81AD63ADBC3
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay,DmServer
Service (registry key): dmboot
Image path: System32\drivers\dmboot.sys
Image size: 799744
Image MD5: C0FBB516E06E243F0CF31F597E7EBF7D
Start: 4
Type: 1
Error Control: 1
Service (registry key): dmio
Start: 4
Type: 1
Error Control: 1
Service (registry key): dmload
Start: 4
Type: 1
Error Control: 1
Service (registry key): dmserver
Display name: Logical Disk Manager
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay
Service (registry key): DMusic
Display name: Microsoft Kernel DLS Syntheiszer
Image path: system32\drivers\DMusic.sys
Image size: 52864
Image MD5: A6F881284AC1150E37D9AE47FF601267
Start: 3
Type: 1
Error Control: 1
Service (registry key): Dnscache
Display name: DNS Client
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip
Service (registry key): dpti2o
Start: 4
Type: 1
Error Control: 1
Service (registry key): drmkaud
Display name: Microsoft Kernel DRM Audio Descrambler
Image path: system32\drivers\drmkaud.sys
Image size: 2944
Image MD5: 1ED4DBBAE9F5D558DBBA4CC450E3EB2E
Start: 3
Type: 1
Error Control: 1
Service (registry key): emupia
Display name: E-mu Plug-in Architecture Driver
Image path: System32\drivers\emupia2k.sys
Image size: 145488
Image MD5: 39FBCED3E762B85846B3DA494FCD33FE
Start: 3
Type: 1
Error Control: 1
Service (registry key): ERSvc
Display name: Error Reporting Service
Description: Allows error reporting for services and applictions running in non-standard environments.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs
Service (registry key): Eventlog
Display name: Event Log
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 108032
Image MD5: C6CE6EEC82F187615D1002BB3BB50ED4
Start: 2
Type: 32
Error Control: 1
Service (registry key): EventSystem
Display name: COM+ Event System
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): ewido security suite control
Display name: ewido security suite control
Object name: LocalSystem
Image path: C:\Program Files\ewido\security suite\ewidoctrl.exe
Image size: 16448
Image MD5: 867D9D1FA818F8629BB7A4A26E94B06A
Start: 2
Type: 272
Error Control: 0
Service (registry key): ewido security suite driver
Display name: ewido security suite driver
Image path: \??\C:\Program Files\ewido\security suite\guard.sys
Image size: 3072
Image MD5: 2FF233E31AEFFF332F187E8E2ABFA6C5
Start: 1
Type: 1
Error Control: 0
Service (registry key): ewido security suite guard
Display name: ewido security suite guard
Object name: LocalSystem
Image path: C:\Program Files\ewido\security suite\ewidoguard.exe
Image size: 163904
Image MD5: 13EE66A939D7C3A2ED62C967DEBD52BB
Start: 2
Type: 272
Error Control: 0
Service (registry key): Fastfat
Start: 4
Type: 2
Error Control: 1
Service (registry key): FastUserSwitchingCompatibility
Display name: Fast User Switching Compatibility
Description: Provides management for applications that require assistance in a multiple user environment.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: TermService
Service (registry key): Fdc
Display name: Floppy Disk Controller Driver
Image path: System32\DRIVERS\fdc.sys
Image size: 27392
Image MD5: CED2E8396A8838E59D8FD529C680E02C
Start: 3
Type: 1
Error Control: 1
Service (registry key): Fips
Start: 1
Type: 1
Error Control: 1
Service (registry key): Flpydisk
Display name: Floppy Disk Driver
Image path: System32\DRIVERS\flpydisk.sys
Image size: 20480
Image MD5: 0DD1DE43115B93F4D85E889D7A86F548
Start: 3
Type: 1
Error Control: 1
Service (registry key): FltMgr
Display name: FltMgr
Description: File System Filter Manager Driver
Image path: system32\drivers\fltmgr.sys
Image size: 124800
Image MD5: 157754F0DF355A9E0A6F54721914F9C6
Start: 0
Type: 2
Error Control: 1
Service (registry key): Fs_Rec
Start: 1
Type: 8
Error Control: 0
Service (registry key): Ftdisk
Display name: Volume Manager Driver
Image path: System32\DRIVERS\ftdisk.sys
Image size: 125056
Image MD5: 6AC26732762483366C3969C9E4D2259D
Start: 0
Type: 1
Error Control: 1
Service (registry key): gameenum
Display name: Game Port Enumerator
Image path: System32\DRIVERS\gameenum.sys
Image size: 10624
Image MD5: 5F92FD09E5610A5995DA7D775EADCD12
Start: 3
Type: 1
Error Control: 0
Service (registry key): Gpc
Display name: Generic Packet Classifier
Description: Generic Packet Classifier
Image path: System32\DRIVERS\msgpc.sys
Image size: 35072
Image MD5: C0F1D4A21DE5A415DF8170616703DEBF
Start: 3
Type: 1
Error Control: 1
Service (registry key): ha10kx2k
Display name: Creative Hardware Abstract Layer Driver
Image path: System32\drivers\ha10kx2k.sys
Image size: 904496
Image MD5: 848F9033AD1C2C6F7EE7E65C2DAF45F1
Start: 3
Type: 1
Error Control: 1
Service (registry key): hap16v2k
Display name: Creative P16V HAL Driver
Image path: System32\drivers\hap16v2k.sys
Image size: 148432
Image MD5: D2FE992041527EF54E438A3FC82D3B23
Start: 3
Type: 1
Error Control: 1
Service (registry key): helpsvc
Display name: Help and Support
Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS
Service (registry key): HidServ
Display name: Human Interface Device Access
Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): hidusb
Display name: Microsoft HID Class Driver
Image path: System32\DRIVERS\hidusb.sys
Image size: 9600
Image MD5: 1DE6783B918F540149AA69943BDFEBA8
Start: 3
Type: 1
Error Control: 0
Service (registry key): hpn
Start: 4
Type: 1
Error Control: 1
Service (registry key): hpt3xx
Start: 4
Type: 1
Error Control: 1
Service (registry key): HTTP
Display name: HTTP
Description: This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start.
Image path: System32\Drivers\HTTP.sys
Image size: 262400
Image MD5: BFB7B73C942E816C4FB4A5A7BAE87136
Start: 3
Type: 1
Error Control: 1
Service (registry key): HTTPFilter
Display name: HTTP SSL
Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service,  using the Secure Socket Layer (SSL).  If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k HTTPFilter
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP
Service (registry key): i2omgmt
Start: 1
Type: 1
Error Control: 1
Service (registry key): i2omp
Start: 4
Type: 1
Error Control: 1
Service (registry key): i8042prt
Display name: i8042 Keyboard and PS/2 Mouse Port Driver
Image path: System32\DRIVERS\i8042prt.sys
Image size: 52736
Image MD5: 5502B58EEF7486EE6F93F3F164DCB808
Start: 1
Type: 1
Error Control: 1
Service (registry key): Imapi
Start: 1
Type: 1
Error Control: 0
Service (registry key): ImapiService
Display name: IMAPI CD-Burning COM Service
Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\imapi.exe
Image size: 150016
Image MD5: FA788520BCAC0F5D9D5CDE5615C0D931
Start: 3
Type: 16
Error Control: 1
Service (registry key): inetaccs
Start: 0
Type: 0
Error Control: 0
Service (registry key): ini910u
Start: 4
Type: 1
Error Control: 1
Service (registry key): Inport
Start: 0
Type: 0
Error Control: 0
Service (registry key): IntelIde
Start: 4
Type: 1
Error Control: 1
Service (registry key): intelppm
Display name: Intel Processor Driver
Image path: System32\DRIVERS\intelppm.sys
Image size: 36096
Image MD5: 279FB78702454DFF2BB445F238C048D2
Start: 1
Type: 1
Error Control: 1
Service (registry key): ip6fw
Display name: IPv6 Windows Firewall Driver
Description: Provides intrusion prevention service for a home or small office network.
Image path: system32\drivers\ip6fw.sys
Image size: 29056
Image MD5: 4448006B6BC60E6C027932CFC38D6855
Start: 3
Type: 1
Error Control: 1
Service (registry key): IpFilterDriver
Display name: IP Traffic Filter Driver
Description: IP Traffic Filter Driver
Image path: System32\DRIVERS\ipfltdrv.sys
Image size: 32896
Image MD5: 731F22BA402EE4B62748ADAF6363C182
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): IpInIp
Display name: IP in IP Tunnel Driver
Description: IP in IP Tunnel Driver
Image path: System32\DRIVERS\ipinip.sys
Image size: 20992
Image MD5: E1EC7F5DA720B640CD8FB8424F1B14BB
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): IpNat
Display name: IP Network Address Translator
Description: IP Network Address Translator
Image path: System32\DRIVERS\ipnat.sys
Image size: 134912
Image MD5: E2168CBC7098FFE963C6F23F472A3593
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): IPSec
Display name: IPSEC driver
Description: IPSEC driver
Image path: System32\DRIVERS\ipsec.sys
Image size: 74752
Image MD5: 64537AA5C003A6AFEEE1DF819062D0D1
Start: 1
Type: 1
Error Control: 1
Service (registry key): IRENUM
Display name: IR Enumerator Service
Image path: System32\DRIVERS\irenum.sys
Image size: 11264
Image MD5: 50708DAA1B1CBB7D6AC1CF8F56A24410
Start: 3
Type: 1
Error Control: 1
Service (registry key): ISAPISearch
Start: 0
Type: 0
Error Control: 0
Service (registry key): isapnp
Display name: PnP ISA/EISA Bus Driver
Image path: System32\DRIVERS\isapnp.sys
Image size: 35840
Image MD5: E504F706CCB699C2596E9A3DA1596E87
Start: 0
Type: 1
Error Control: 3
Service (registry key): Kbdclass
Display name: Keyboard Class Driver
Image path: System32\DRIVERS\kbdclass.sys
Image size: 24576
Image MD5: EBDEE8A2EE5393890A1ACEE971C4C246
Start: 1
Type: 1
Error Control: 1
Service (registry key): kmixer
Display name: Microsoft Kernel Wave Audio Mixer
Image path: system32\drivers\kmixer.sys
Image size: 171776
Image MD5: D93CAD07C5683DB066B0B2D2D3790EAD
Start: 3
Type: 1
Error Control: 1
Service (registry key): KSecDD
Start: 0
Type: 1
Error Control: 1
Service (registry key): L8042Kbd
Display name: Logitech SetPoint Keyboard Driver
Image path: system32\DRIVERS\L8042Kbd.sys
Image size: 13105
Image MD5: 59796B39A779AF1DF1E883BAE62809C6
Start: 3
Type: 1
Error Control: 0
Service (registry key): l8042pr2
Start: 0
Type: 0
Error Control: 0
Service (registry key): lanmanserver
Display name: Server
Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Service (registry key): lanmanworkstation
Display name: Workstation
Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Service (registry key): lbrtfdc
Start: 1
Type: 1
Error Control: 0
Service (registry key): ldap
Start: 0
Type: 0
Error Control: 0
Service (registry key): LHidFlt2
Display name: Logitech HID/USB Mouse Filter Driver
Image path: system32\DRIVERS\LHidFlt2.Sys
Image size: 25630
Image MD5: 03976C309EDE05D39017C05B817CD94F
Start: 3
Type: 1
Error Control: 1
Service (registry key): LHidKe
Start: 0
Type: 0
Error Control: 0
Service (registry key): LHidUsb
Display name: Logitech USB Receiver device driver
Description: Logitech USB Receiver
Image path: System32\Drivers\LHidUsb.Sys
Image size: 37916
Image MD5: 25688115843C4028686A96D88BC28007
Start: 3
Type: 1
Error Control: 0
Service (registry key): LicenseService
Start: 0
Type: 0
Error Control: 0
Service (registry key): LmHosts
Display name: TCP/IP NetBIOS Helper
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 2
Type: 32
Error Control: 1
Depends On services: NetBT,Afd
Service (registry key): LMouFlt2
Display name: Logitech Mouse Class Filter Driver
Image path: system32\DRIVERS\LMouFlt2.Sys
Image size: 70894
Image MD5: 26407519FCA64EC4091FE1F815B4AFC4
Start: 3
Type: 1
Error Control: 1
Service (registry key): logitech
Start: 0
Type: 0
Error Control: 0
Service (registry key): MAPI
Display name: MAPI Mail Client
Description: Enables support for the Messaging Application Program Interface.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\mapi32.exe
Start: 2
Type: 272
Error Control: 0
Service (registry key): Messenger
Display name: Messenger
Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,NetBIOS,PlugPlay,RpcSS
Service (registry key): mnmdd
Start: 1
Type: 1
Error Control: 0
Service (registry key): mnmsrvc
Display name: NetMeeting Remote Desktop Sharing
Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\mnmsrvc.exe
Image size: 32768
Image MD5: F6415361201915B9FE3896B0E4E724FF
Start: 3
Type: 272
Error Control: 1
Service (registry key): Modem
Start: 3
Type: 1
Error Control: 0
Service (registry key): Mouclass
Display name: Mouse Class Driver
Image path: System32\DRIVERS\mouclass.sys
Image size: 23040
Image MD5: 34E1F0031153E491910E12551400192C
Start: 1
Type: 1
Error Control: 1
Service (registry key): mouhid
Display name: Mouse HID Driver
Image path: System32\DRIVERS\mouhid.sys
Image size: 12160
Image MD5: B1C303E17FB9D46E87A98E4BA6769685
Start: 3
Type: 1
Error Control: 0
Service (registry key): MountMgr
Display name: Mount Point Manager
Start: 0
Type: 1
Error Control: 1
Service (registry key): mraid35x
Start: 4
Type: 1
Error Control: 1
Service (registry key): MRxDAV
Display name: WebDav Client Redirector
Description: WebDav Client Redirector
Image path: System32\DRIVERS\mrxdav.sys
Image size: 181248
Image MD5: 46EDCC8F2DB2F322C24F48785CB46366
Start: 3
Type: 2
Error Control: 1
Service (registry key): MRxSmb
Display name: MRXSMB
Description: MRXSMB
Image path: System32\DRIVERS\mrxsmb.sys
Image size: 451584
Image MD5: 5DDC9A1B2EB5A4BF010CE8C019A18C1F
Start: 1
Type: 2
Error Control: 1
Service (registry key): MSDTC
Display name: Distributed Transaction Coordinator
Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: C:\WINDOWS\System32\msdtc.exe
Image size: 6144
Image MD5: C7C3D89EB0A6F3DBA622EA737FA335B1
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS,SamSS
Service (registry key): Msfs
Start: 1
Type: 2
Error Control: 1
Service (registry key): MSIServer
Display name: Windows Installer
Description: Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\msiexec.exe /V
Image size: 78848
Image MD5: F5F0146580E7023ADB963879840777F8
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): MSKSSRV
Display name: Microsoft Streaming Service Proxy
Image path: system32\drivers\MSKSSRV.sys
Image size: 7552
Image MD5: AE431A8DD3C1D0D0610CDBAC16057AD0
Start: 3
Type: 1
Error Control: 1
Service (registry key): MSPCLOCK
Display name: Microsoft Streaming Clock Proxy
Image path: system32\drivers\MSPCLOCK.sys
Image size: 5376
Image MD5: 13E75FEF9DFEB08EEDED9D0246E1F448
Start: 3
Type: 1
Error Control: 1
Service (registry key): MSPQM
Display name: Microsoft Streaming Quality Manager Proxy
Image path: system32\drivers\MSPQM.sys
Image size: 4992
Image MD5: 1988A33FF19242576C3D0EF9CE785DA7
Start: 3
Type: 1
Error Control: 1
Service (registry key): mssmbios
Display name: Microsoft System Management BIOS Driver
Image path: System32\DRIVERS\mssmbios.sys
Image size: 15488
Image MD5: 469541F8BFD2B32659D5D463A6714BCE
Start: 3
Type: 1
Error Control: 1
Service (registry key): ms_mpu401
Display name: Microsoft MPU-401 MIDI UART Driver
Image path: system32\drivers\msmpu401.sys
Image size: 2944
Image MD5: CA3E22598F411199ADC2DFEE76CD0AE0
Start: 3
Type: 1
Error Control: 1
Service (registry key): Mup
Display name: Mup
Start: 0
Type: 2
Error Control: 1
Service (registry key): NDIS
Display name: NDIS System Driver
Start: 0
Type: 1
Error Control: 1
Service (registry key): NdisTapi
Display name: Remote Access NDIS TAPI Driver
Description: Remote Access NDIS TAPI Driver
Image path: System32\DRIVERS\ndistapi.sys
Image size: 9600
Image MD5: 08D43BBDACDF23F34D79E44ED35C1B4C
Start: 3
Type: 1
Error Control: 1
Service (registry key): Ndisuio
Display name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Image path: System32\DRIVERS\ndisuio.sys
Image size: 12928
Image MD5: 34D6CD56409DA9A7ED573E1C90A308BF
Start: 3
Type: 1
Error Control: 1
Service (registry key): NdisWan
Display name: Remote Access NDIS WAN Driver
Description: Remote Access NDIS WAN Driver
Image path: System32\DRIVERS\ndiswan.sys
Image size: 91776
Image MD5: 0B90E255A9490166AB368CD55A529893
Start: 3
Type: 1
Error Control: 1
Service (registry key): NDProxy
Start: 3
Type: 1
Error Control: 1
Service (registry key): NetBIOS
Display name: NetBIOS Interface
Description: NetBIOS Interface
Image path: System32\DRIVERS\netbios.sys
Image size: 34560
Image MD5: 3A2ACA8FC1D7786902CA434998D7CEB4
Start: 1
Type: 2
Error Control: 1
Service (registry key): NetBT
Display name: NetBios over Tcpip
Description: NetBios over Tcpip
Image path: System32\DRIVERS\netbt.sys
Image size: 162816
Image MD5: 0C80E410CD2F47134407EE7DD19CC86B
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): NetDDE
Display name: Network DDE
Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 111104
Image MD5: 05AFB5AD06462257BEA7495283C86D50
Start: 4
Type: 32
Error Control: 1
Depends On services: NetDDEDSDM
Service (registry key): NetDDEdsdm
Display name: Network DDE DSDM
Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 111104
Image MD5: 05AFB5AD06462257BEA7495283C86D50
Start: 4
Type: 32
Error Control: 1
Service (registry key): Netlogon
Display name: Net Logon
Description: Supports pass-through authentication of account logon events for computers in a domain.
Object name: LocalSystem
Image path: %SystemRoot%\System32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation
Service (registry key): Netman
Display name: Network Connections
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 288
Error Control: 1
Depends On services: RpcSs
Service (registry key): NIC1394
Display name: 1394 Net Driver
Image path: System32\DRIVERS\nic1394.sys
Image size: 61824
Image MD5: 5C5C53DB4FEF16CF87B9911C7E8C6FBC
Start: 3
Type: 1
Error Control: 1
Service (registry key): Nla
Display name: Network Location Awareness (NLA)
Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd
Service (registry key): Npfs
Start: 1
Type: 2
Error Control: 1
Service (registry key): Ntfs
Start: 4
Type: 2
Error Control: 1
Service (registry key): NtLmSsp
Display name: NT LM Security Support Provider
Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
Object name: LocalSystem
Image path: %SystemRoot%\System32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 3
Type: 32
Error Control: 1
Service (registry key): NtmsSvc
Display name: Removable Storage
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs
Service (registry key): Null
Start: 1
Type: 1
Error Control: 1
Service (registry key): nv
Image path: System32\DRIVERS\nv4_mini.sys
Image size: 3200256
Image MD5: 10458BFC0968E7E69D77F292942B27B1
Start: 3
Type: 1
Error Control: 0
Service (registry key): NVSvc
Display name: NVIDIA Display Driver Service
Description: Provides system and desktop level support to the NVIDIA display driver
Object name: LocalSystem
Image path: %SystemRoot%\System32\nvsvc32.exe
Image size: 127043
Image MD5: F6FCA6047879DE7A2964757EB8B2101B
Start: 2
Type: 16
Error Control: 1
Service (registry key): NwlnkFlt
Display name: IPX Traffic Filter Driver
Description: IPX Traffic Filter Driver
Image path: System32\DRIVERS\nwlnkflt.sys
Image size: 12416
Image MD5: B305F3FAD35083837EF46A0BBCE2FC57
Start: 3
Type: 1
Error Control: 1
Depends On services: NwlnkFwd
Service (registry key): NwlnkFwd
Display name: IPX Traffic Forwarder Driver
Description: IPX Traffic Forwarder Driver
Image path: System32\DRIVERS\nwlnkfwd.sys
Image size: 32512
Image MD5: C99B3415198D1AAB7227F2C88FD664B9
Start: 3
Type: 1
Error Control: 1
Service (registry key): ohci1394
Display name: OHCI Compliant IEEE 1394 Host Controller
Image path: System32\DRIVERS\ohci1394.sys
Image size: 61056
Image MD5: 0951DB8E5823EA366B0E408D71E1BA2A
Start: 0
Type: 1
Error Control: 1
Service (registry key): ossrv
Display name: Creative OS Services Driver
Image path: system32\drivers\ctoss2k.sys
Image size: 178672
Image MD5: 64631723B13CBCC153294347535844BE
Start: 3
Type: 1
Error Control: 1
Service (registry key): Parport
Display name: Parallel port driver
Image path: System32\DRIVERS\parport.sys
Image size: 80128
Image MD5: 29744EB4CE659DFE3B4122DEB45BC478
Start: 3
Type: 1
Error Control: 1
Service (registry key): PartMgr
Display name: Partition Manager
Start: 0
Type: 1
Error Control: 1
Service (registry key): ParVdm
Start: 2
Type: 1
Error Control: 0
Depends On services: Parport
Depends On group: "Parallel arbitrator"
Service (registry key): PCI
Display name: PCI Bus Driver
Image path: System32\DRIVERS\pci.sys
Image size: 68224
Image MD5: 8086D9979234B603AD5BC2F5D890B234
Start: 0
Type: 1
Error Control: 3
Service (registry key): PCIDump
Start: 1
Type: 1
Error Control: 0
Service (registry key): PCIIde
Image path: System32\DRIVERS\pciide.sys
Image size: 3328
Image MD5: CCF5F451BB1A5A2A522A76E670000FF0
Start: 0
Type: 1
Error Control: 1
Service (registry key): Pcmcia
Start: 4
Type: 1
Error Control: 1
Service (registry key): PDCOMP
Start: 3
Type: 1
Error Control: 0
Service (registry key): PDFRAME
Start: 3
Type: 1
Error Control: 0
Service (registry key): PDRELI
Start: 3
Type: 1
Error Control: 0
Service (registry key): PDRFRAME
Start: 3
Type: 1
Error Control: 0
Service (registry key): perc2
Start: 4
Type: 1
Error Control: 1
Service (registry key): perc2hib
Start: 4
Type: 1
Error Control: 1
Service (registry key): PerfDisk
Start: 0
Type: 0
Error Control: 0
Service (registry key): PerfNet
Start: 0
Type: 0
Error Control: 0
Service (registry key): PerfOS
Start: 0
Type: 0
Error Control: 0
Service (registry key): PerfProc
Start: 0
Type: 0
Error Control: 0
Service (registry key): PfDetNT
Image path: \??\C:\WINDOWS\System32\drivers\PfModNT.sys
Image size: 15840
Image MD5: C8A2D6FF660AC601B7BB9A9B16A5C25E
Start: 2
Type: 1
Error Control: 1
Service (registry key): PlugPlay
Display name: Plug and Play
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 108032
Image MD5: C6CE6EEC82F187615D1002BB3BB50ED4
Start: 2
Type: 32
Error Control: 1
Service (registry key): PolicyAgent
Display name: IPSEC Services
Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
Object name: LocalSystem
Image path: %SystemRoot%\System32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,Tcpip,IPSec
Service (registry key): portD
Display name: ABS PortIO Service
Image path: system32\DRIVERS\portd2k.sys
Image size: 7372
Image MD5: 7B87E62BF60B51A2119FACA7BD6310C3
Start: 2
Type: 1
Error Control: 1
Service (registry key): PptpMiniport
Display name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Image path: System32\DRIVERS\raspptp.sys
Image size: 48384
Image MD5: 1C5CC65AAC0783C344F16353E60B72AC
Start: 3
Type: 1
Error Control: 1
Service (registry key): Processor
Display name: Processor Driver
Image path: System32\DRIVERS\processr.sys
Image size: 35328
Image MD5: 0D97D88720A4087EC93AF7DBB303B30A
Start: 1
Type: 1
Error Control: 1
Service (registry key): ProtectedStorage
Display name: Protected Storage
Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 13312
Image MD5: 84885F9B82F4D55C6146EBF6065D75D2
Start: 2
Type: 288
Error Control: 1
Depends On services: RpcSs
Service (registry key): PSched
Display name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Image path: System32\DRIVERS\psched.sys
Image size: 69120
Image MD5: 48671F327553DCF1D27F6197F622A668
Start: 3
Type: 1
Error Control: 1
Depends On services: Gpc
Service (registry key): Ptilink
Display name: Direct Parallel Link Driver
Description: Direct Parallel Link Driver
Image path: System32\DRIVERS\ptilink.sys
Image size: 17792
Image MD5: 80D317BD1C3DBC5D4FE7B1678C60CADD
Start: 3
Type: 1
Error Control: 1
Service (registry key): ql1080
Start: 4
Type: 1
Error Control: 1
Service (registry key): Ql10wnt
Start: 4
Type: 1
Error Control: 1
Service (registry key): ql12160
Start: 4
Type: 1
Error Control: 1
Service (registry key): ql1240
Start: 4
Type: 1
Error Control: 1
Service (registry key): ql1280
Start: 4
Type: 1
Error Control: 1
Service (registry key): RasAcd
Display name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Image path: System32\DRIVERS\rasacd.sys
Image size: 8832
Image MD5: FE0D99D6F31E4FAD8159F690D68DED9C
Start: 1
Type: 1
Error Control: 1
Service (registry key): RasAuto
Display name: Remote Access Auto Connection Manager
Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: RasMan,Tapisrv
Service (registry key): Rasl2tp
Display name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Image path: System32\DRIVERS\rasl2tp.sys
Image size: 51328
Image MD5: 98FAEB4A4DCF812BA1C6FCA4AA3E115C
Start: 3
Type: 1
Error Control: 1
Service (registry key): RasMan
Display name: Remote Access Connection Manager
Description: Creates a network connection.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Depends On services: Tapisrv
Service (registry key): RasPppoe
Display name: Remote Access PPPOE Driver
Description: Remote Access PPPOE Driver
Image path: System32\DRIVERS\raspppoe.sys
Image size: 41472
Image MD5: 7306EEED8895454CBED4669BE9F79FAA
Start: 3
Type: 1
Error Control: 1
Service (registry key): Raspti
Display name: Direct Parallel
Description: Direct Parallel
Image path: System32\DRIVERS\raspti.sys
Image size: 16512
Image MD5: FDBB1D60066FCFBB7452FD8F9829B242
Start: 3
Type: 1
Error Control: 1
Service (registry key): Rdbss
Display name: Rdbss
Description: Rdbss
Image path: System32\DRIVERS\rdbss.sys
Image size: 174592
Image MD5: 809CA45CAA9072B3176AD44579D7F688
Start: 1
Type: 2
Error Control: 1
Service (registry key): RDPCDD
Image path: System32\DRIVERS\RDPCDD.sys
Image size: 4224
Image MD5: 4912D5B403614CE99C28420F75353332
Start: 1
Type: 1
Error Control: 0
Service (registry key): RDPDD
Start: 0
Type: 0
Error Control: 0
Service (registry key): RDPNP
Start: 0
Type: 0
Error Control: 0
Service (registry key): RDPWD
Start: 3
Type: 1
Error Control: 0
Service (registry key): RDSessMgr
Display name: Remote Desktop Help Session Manager
Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\sessmgr.exe
Image size: 140800
Image MD5: 729798E0933076B8FCFCD9934698F164
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS
Service (registry key): redbook
Display name: Digital CD Audio Playback Filter Driver
Image path: System32\DRIVERS\redbook.sys
Image size: 57472
Image MD5: B31B4588E4086D8D84ADBF9845C2402B
Start: 1
Type: 1
Error Control: 1
Service (registry key): RemoteAccess
Display name: Routing and Remote Access
Description: Offers routing services to businesses in local area and wide area network environments.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSS
Depends On group: NetBIOSGroup
Service (registry key): RemoteRegistry
Start: 4
Type: 0
Error Control: 0
Service (registry key): RpcLocator
Display name: Remote Procedure Call (RPC) Locator
Description: Manages the RPC name service database.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\locator.exe
Image size: 75264
Image MD5: 793F04A09B15E7C6C11DBDFFAF06C0AB
Start: 3
Type: 16
Error Control: 1
Depends On services: LanmanWorkstation
Service (registry key)

Edited by happygeek: fixed formatting

0

Hi,
Open NotePad, and copy the contents of the below "Quote" box:-

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\ISTbar]

Go to File Menu > Save As, and save the file with the name Fix.REG and exit from NotePad.

Double-click on Fix.REG and choose "Yes" to merge it with Registry.
After this, restart the PC, run SpyBot SnD again and check whether it detects the same threat again, and post back the results.

0

Hi,
Open NotePad, and copy the contents of the below "Quote" box:-

regedit /e Result.txt "HKEY_LOCAL_MACHINE\Software"

Go to File Menu > Save As, and save the file with the name Find.bat and exit from NotePad.

Double-Click on the file Find.bat, a small DOS type window should open and close immediately. After this, there would be a file called Result.txt in the same location where Find.bat was present. Open the Result.txt and post it's contents here.

0

Hi,
If you can open the Result.txt file, then please alter the above code. That is, replace the line Result.txt with Result.RTF and save the Find.bat file. Then run it again, you will get a new Result.rtf file. Open it, and post it's contents here.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.